From General Information

Secure WordPress with 2.8.6

WordPress 2.8.6 was released today. It includes some security fixes for vulnerabilities found by WordPress users.

As always you can get the newest version of WordPress from the WordPress.org download page. We recommend always upgrading WordPress to the latest stable version available. If you don’t have the time or don’t know how, you can always hire us to make the upgrade for you. Just fill out the form on our “need help?” page and we’ll be in touch.

2.8.6 fixes two security problems that can be exploited by registered, logged-in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.

The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch.  The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.

Bleary-Eyed Blogworld Expo Experience

Over the weekend I had the opportunity to attend Blogworld Expo as well as WordCamp Las Vegas. Blogworld was pretty huge, but WordCamp Las Vegas was a much smaller conference within the main conference. I had the chance to talk with some really great WordPress users and developers. I really got a good sense of what’s going on in the WordPress world. Unfortunately, Automattic decided to call a last-minute pow-wow in Ottawa (if I remember correctly), so there was no official representation from the main developer of WordPress. I valued the opportunity to meet both Matt and Beau at previous WordCamps, so it was a little disappointing not having an Automattician there.

Blogworld Expo and New Media Expo Banner

8 Meaningful Takeaways

  1. Accessibility counts for something. Glenda Watson Hyatt laid out some ground rules for making your website POUR (Perceivable Operable Understandable Robust). I’m not going to give it all away, but you can download the ebook from her site: http://blogaccessibility.com/
  2. John P says that using URL shortening services like bit.ly, su.pr and TinyUrl is a detriment to your search engine reach. Instead of putting links to your website out in the wild to build some authority, you send out these other services’ links and boost up their popularity in the search engines. Pretty Link Pro by Blair Williams will likely replace two or three of your existing WordPress plugins and solve this exact problem for you. It will allow you to create short links for Twitter and other sharing right on your own domain. This will help you keep all the Google juice that you deserve. I could probably have gotten Blair to give me a copy of the plugin after palling around all weekend, but as soon as I got home, I turned on my computer and bought the sucker. Check out the feature video for details: http://prettylinkpro.com/
  3. Go meet people in person at conferences. It’s nice to have a billion friends/followers online, but I bet having just five of those billion friends be actual real-life friends is more motivating, profitable and fun. Just make sure there’s no overlap, otherwise you’ll never have anything to talk about…hehe. Oh, and one more thing. Go to conferences alone. It will force you to interact with people that you wouldn’t otherwise approach.
  4. Go where the people are. Chris Pirillo is an Internet giant, yet he comes to where the people hang out online instead of forcing them to come to him. This means that getting your content syndicated in as many places as possible is super important.
  5. Care. Don’t care so much about the money you’re hoping to make, just care about why you’re doing it. If you put your heart into it, the money will come.
  6. It’s not good enough to just install the All-In-One SEO Pack plugin. You have to use it. When you’re posting to your website, scroll all the way down and fill in the meta box. You’ll be pleasantly surprised with your results.
  7. Never say no to a free show ticket. That’s kind of obvious, I know.
  8. Take your laptop with you.

If you want the short version, stop reading here. Otherwise, block out a good twenty minutes and read the rest of my ramblings about the weekend.


Liveblogging with WordPress for iPhone beta

About a month or so ago, I signed up for the beta test for the new WordPress for iPhone app. To my surprise, I was accepted into the program and have been trying it out as much as possible. The first beta app was really buggy, but I think that’s a good thing. It means that they’ve changed enough of the codebase to break stuff. Unfortunately it was so buggy that I could never really get a post up. I’m now trying out the next version and it is so much more stable (so far).

The new interface is a breath of fresh air. It feels much more polished than the version that you’re probably using. Unfortunately there’s still no way to put images in the middle of the post yet (except to move the code in the post). When you attach an image it gets pushed right to the bottom of the post.

Here are some screenshots of the new interface.

If you’re using the WordPress for iPhone app now, you’re going to love the new version. It still has a lot of room for improvement, but I can assure you that the developers are hard at work building you something awesome.

WordCamp LA to OC WordCamp

Ben Huh, CEO of icanhascheezeburger

Jeff and I had an awesome time at WordCamp LA (thanks Frosty!). It was great to connect with some like-minded WordPress folk. I’m still telling people about the amazingly simple, yet profitable business model that Ben Huh (@benhuh on Twitter) implements at icanhascheezeburger.

Custom Hotel Lobby

The first day was great, but I have to tell you, the developer day at the Custom Hotel (see photo of the lobby above) was even better. With a crowd of only about 10 WordPress developers, we all got to have our individual questions answered. I sat next to Beau Lebens, Code Wrangler at Automattic. Not only was he a vast resource about everything WordPress, but he’s an incredibly nice, humble guy too.


For those of you who missed WordCamp LA and are bummed out, don’t worry, we’re actually going to be hosting a WordCamp of our own in Orange County, California. We’ve already begun planning and, with the aid of CalEvents, this should be a great event. We’re really looking forward to another SoCal WordCamp, and we hope you are too. Stay tuned to the OC WordCamp website for full details.

Skype Headset Giveaway Results

Congratulations go out to Josh Penrod of Amish Robot for entering our little giveaway and winning the Skype headset and 30 minutes of talk time. We’re looking forward to that “thank you” call, Josh. ;)

For all of you who didn’t enter, let this be a lesson to you. Josh only took a few moments to register and post a comment for a chance to win. Now he’s got a sweet Skype headset for his efforts. We expect to see a better turnout for free warez next time.

For those of you who entered this time and didn’t win, keep leaving comments. Next time you could be the winner.

Skype Headset Giveaway

On our recent trip to WordCamp San Francisco, we talked with lots of vendors, potential partners and Matt Mullenweg himself.

One of the interesting vendors we talked with was MySpace. It turns out that they’ve got a new WordPress plugin and (like all other social networks) an API for connecting their platform with other platforms. We have one client in particular (Taro Gold – WordPress & MySpace) that uses MySpace as a means to get their books and music some publicity.

Currently the MySpace plugin allows “bloggers and commenters the ability to log in using their MySpace credentials rather than having to set up and remember yet another username and password.” This feature seems kind of trivial, but after talking with the representative, he revealed that they’re working on adding some other features that seem like they might be worth it, such as the ability to cross post between WordPress and MySpace.

While I’m personally not a huge fan of MySpace due to its lack of design standards, I do see the benefit of using it for traffic generation. This is a huge step forward, and for that I commend them.

So what does this have to do with a Skype headset, and why are we giving it away? Skype has also apparently partnered with MySpace so that now you can use Skype to make phone calls with your MySpace IM account. MySpace is trying to promote the partnership, so they were giving away free Skype headsets with 30 minutes of talk time. We picked it up, and while we use Skype daily, we thought it would be in the good spirit of WordPress to give back to our community.

So, leave a comment on this post telling us what you’d do with 30 minutes of Skype talk time. We’ll choose a random comment on Friday, June 19th and announce the winner the following Monday.

WordPress 2.8 Available Now

WordPress 2.8 is now available for download! WordPress 2.8 is nicknamed “Baker” after jazz trumpeter Chet Baker. What you should notice from the beginning is that this version of WordPress handles and works faster than previous versions. The nice folks at Automattic attribute this to how they have “changed the way WordPress does style and scripting.”

One of the more prominent upgrades is the Theme browser.  Similar to how they updated the plug-in search and install in a previous version, you can now browse through the entire theme directory.  (These only include themes in the WordPress directory.) They allow you to search by theme attributes such as color, columns, width and features to narrow down your results.  Then you can install your selected theme with one click.  Again, Automattic just making things even easier.

Developers will really appreciate another new feature – syntax highlighting! If you are like me, you tend to make code adjustments in text editors rather than the WordPress admin mainly because syntax highlighting makes coding so much easier. Now you can code right in WordPress easily thanks to the CodePress editor. Furthermore, they have added contextual documentation as well as a function look-up that seems super handy.

Another treat for developers is the way they have redesigned the widget interface.  (This is a bit frustrating if you have already taken the time to become proficient at making widgets, but…) This upgrade will allow you to do things like “edit widgets on the fly, have multiple copies of the same widget, drag and drop widgets between sidebars, and save inactive widgets so you don’t lose all their settings.” We (developers) now have access to “a much cleaner and robust API” to help us create our widgets.

Sidebars are now easier to manage as well. You can manage all your sidebars at the same time rather than having to update each sidebar separately. Also, if you customize a widget and then take it out of active duty, WordPress will remember the settings you selected for later use.

One nit-picky thing though.  They’ve changed the color scheme in the admin if you are using the Blue Admin Color Scheme.  What was once beautiful and soothing has now become stark and jarring.

For a list of all upgrades and improvements, click here.

Download WordPress 2.8 now (or click the upgrade link in your WordPress admin).